This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (original) A method for dynamically managing access to a resource in a computer 
system, the system having a client thereof making an access request for the resource, the 
method comprising: 

determining, via an application programming interface, based upon dynamic data and 
first dynamic policy whether a client authorization context is to be updated, wherein said first 
dynamic policy is tailored to an application through which the resource is accessed; 
identifying an access control entry as a callback access control entry; and 
in response to identifying the access control entry as a callback access control entry, 
evaluating, via said application programming interface, based upon dynamic data and second 
dynamic policy whether said callback access control entry bears on said access request, 
wherein said second dynamic policy is tailored to said application. 

2. (original) A method according to claim 1, wherein said first dynamic policy defines 
flexible rules for determining the client authorization context and wherein said second 
dynamic policy defines flexible rules for purposes of determining access privileges. 

3. (original) A method according to claim 1, further comprising computing the client 
authorization context after a request for a resource is received from the client and updating 
said client authorization context according to said determining. 

4. (original) A method according to claim 1, further comprising: 

comparing the client authorization context of the client to at least one access control 
entry of an access control list. 

5. (original) A method according to claim 1, wherein said evaluating based upon 
dynamic data includes invoking an application-defined dynamic access check routine that 
performs based in part upon dynamic data in the callback access control entry. 

6. (original) A method according to claim 5, wherein said access check routine is 
invoked automatically when there is a match between an identifier in the client authorization 
context and an identifier in the callback access control entry. 

7. (original) A method according to claim 1, further comprising registering with a 
resource manager, an application-defined routine for determining dynamic groups. 

8. (original) A method according to claim 1, further comprising registering with a 
resource manager, an application-defined routine for determining dynamic access checks. 

9. (original) A method according to claim 1, wherein said evaluating based upon 
dynamic data and second dynamic policy supplements a determination of access rights based 
upon static data and policy. 

10. (currently amended) A tangible computer readable medium having computer 
executable instructions stored thereon that when executed implemented by a computer for 
carrying out cause the computer to implement the method of claim 1. 

11. (canceled) 

12. (currently amended) A tangible computer readable medium having computer 
executable instructions stored thereon that when executed by a computer cause the computer 
to carry for carrying out a method for dynamically updating a client authorization context in a 
computer system, the method comprising: 

computing a client authorization context after the request for the resource is received 
from the client; 

determining, via an application programming interface, based upon dynamic data and 
dynamic policy whether said client authorization context is to be updated, wherein said 
dynamic policy is tailored to an application through which the resource is accessed; and 

updating said client authorization context according to said determination. 

13. (currently amended) A tangible computer readable medium according to claim 12, 
the method further comprising: 

comparing the client authorization context to at least one access control entry of an 
access control list. 

14. (currently amended) A tangible computer readable medium according to claim 13, 
the method further comprising: 

identifying an access control entry as a callback access control entry. 

15. (currently amended) A tangible computer readable medium according to claim 14, 
further comprising: 

in response to identifying the access control entry as a callback access control entry, 
determining, via an application programming interface, based upon dynamic data and 
dynamic policy whether said callback access control entry bears on said access request, 
wherein said dynamic policy is tailored to said application. 

16. (currently amended) A tangible computer readable medium according to claim 15, 
wherein said determining based upon dynamic data includes invoking an application-defined 
dynamic access check routine that performs based in part upon dynamic data in the callback 
access control entry. 

17. (currently amended) A tangible computer readable medium according to claim 16, 
wherein said access check routine is invoked automatically when there is a match between an 
identifier in the client authorization context and an identifier in the callback access control 
entry. 

18. (currently amended) A tangible computer readable medium according to claim 12, 
the method further comprising registering with a resource manager, an application-defined 
routine for determining dynamic groups. 

19. (currently amended) A tangible computer readable medium according to claim 12, 
the method further comprising registering with a resource manager, an application-defined 
routine for determining dynamic access checks. 

20. (currently amended) A tangible computer readable medium according to claim 12, 
the method further comprising comparing data to a client authorization context determined 
based upon static data and policy before determining whether the client authorization context 
is to be updated. 

21. (currently amended) A tangible computer readable medium according to claim 15, 
wherein said determining based upon dynamic data whether said callback access control 
entry bears on said access request supplements a determination of access rights based upon 
static data and policy. 

22. (currently amended) A tangible computer readable medium having bearing computer 
executable instructions stored thereon that when executed by a computer cause the computer 
to perform for performing a method of dynamically managing access to a resource in a 
computer system, the system having a client thereof making an access request for the 
resource, the method implemented by the computer comprising: 

comparing the authorization context of the client to at least one access control entry of 
an access control list; 

identifying an access control entry as a callback access control entry; and 

in response to identifying the access control entry as a callback access control entry, 
determining, via an application programming interface, based upon dynamic data and 
dynamic policy whether said callback access control entry bears on said access request, 
wherein said dynamic policy is tailored to said application. 

23. (currently amended) A tangible computer readable medium according to claim 22, 
wherein said determining based upon dynamic data includes invoking an application-defined 
dynamic access check routine that performs based in part upon dynamic data in the dynamic 
callback entry. 

24. (currently amended) A tangible computer readable medium according to claim 23, 
wherein said access check routine is invoked automatically when there is a match between an 
identifier in the client authorization context and an identifier in the dynamic callback entry. 

25. (currently amended) A tangible computer readable medium according to claim 22, 
wherein said determining based upon dynamic data whether to grant the access request 
supplements a determination of access rights based upon static data and policy. 

26. (currently amended) For an application in a computer system having a resource 
manager that manages and controls access to a resource, a tangible computer readable 
medium bearing having computer executable instructions stored thereon that when executed 
by a computer causes the computer to carry for carrying out a dynamic authorization callback 
mechanism that provides extensible support for application-defined business rules via a set of 
APIs and DACLs including a dynamic groups element, which enables an application to 
assign temporary group membership, based on dynamic factors, to a client for the purpose of 
checking access rights. 

27. (currently amended) A tangible computer readable medium bearing having computer 
executable instructions stored thereon that when executed by a computer causes the computer 
to carry for carrying out a dynamic authorization callback mechanism according to claim 26, 
further comprising a dynamic access check element, which enables an application to perform 
dynamic access checks, via DACLs and APIs, said dynamic access checks being customized 
to the application. 

28. (currently amended) A tangible computer readable medium bearing having computer 
executable instructions stored thereon that when executed by a computer causes the computer 
to carry for carrying out a dynamic authorization callback mechanism according to claim 26, 
wherein said dynamic groups element and a dynamic access element are registered with the 
resource manager upon initializing the resource manager. 

29. (currently amended) A tangible computer readable medium bearing having computer 
executable instructions stored thereon that when executed by a computer causes the computer 
to carry for carrying out a dynamic authorization callback mechanism according to claim 26, 
wherein said dynamic groups element and a dynamic access element utilize dynamic data that 
includes at least one of (1) data related to client operation, (2) authorization policy data stored 
in callback access control entry and (3) run-time data managed by the application. 

30.-32. (canceled) 

33. (new) A computer readable medium having computer executable instructions stored 
thereon that when executed by a computer causes the computer to provide dynamic 
authorization of an application in a computer system based upon application-specific or 
business rules that incorporate dynamic data, the dynamic data including an identifier for 
identifying whether a dynamic access check callback function should be invoked for 
conducting said dynamic authorization of said application, data from client operation 
parameters, authorization policy data stored in a callback access control entry, and 
any other authorization policy data managed, computed or retrieved by the application, the 
computer executing said computer executable instructions to perform the steps of: 

the application using an initialization routine to register with a resource manager 
dynamic groups that enable the application to assign temporary group membership based 
upon transient or changing factors to a client for the purpose of checking access rights and to 
register with said resource manager dynamic access check callback functions that enable the 
application to perform customized procedures for checking access rights based on said 
transient or changing factors; 

adding said dynamic access check callback functions to the resource manager's 
registered callback list; and 

automatically invoking a dynamic access check callback function by access check 
application programming interfaces that initialize a client authorization context from a system 
level authorization context or a user's security identifier, whereby when a user attempts to 
connect to the application, the registered dynamic access check callback function is invoked 
such that the client context is augmented with client contextual data dynamically computed 
using said dynamic data. 

34. (new) A computer readable medium according to claim 33, wherein said user's 
security identifier is used for an access privilege check of said application. 